I have a case scenario where I want a role to be able to execute workflow commands (approve/reject) item which is in "review state" , but they should not be able to edit the item in that state.
I tried doing the following:for "review" state ,for the role.
- Allow the write access to the role for the content item
- Deny access for "Workflow state write"
- Allow access for "Workflow command execute"
But this doesn't behave as expected. I see this message "You cannot edit this item because you do not have write access to it." (expected) . BUT, Deny "workflow state write" also hides the command buttons
I see some weird pattern - I start off by allowing write access everywhere (content Item write and workflow state write) -
- Move item thru workflow , reach the review step (now has both buttons and edit permissions) .
- Now I go back to security editor and "deny the workflow state write" for the role, for the review state.
- I refresh content item , I now see the command buttons AND a different message "You cannot edit this item because it is in a workflow state that you do not have write access to."
This weird pattern is the behavior I want , however I cannot seem to duplicate it with out real time permission edits. Please help.
